With the rapid development of the internet and e-business in recent years, more and more government and regional systems move to electronic processes and transactions, such as e-office by the government, e-bank, e-shopping etc. Thus, more and more information relating to personal privacy and commercial secrets needs to be transferred through the internet. However, some malicious threats such as virus, hacker, or fraud trade on the internet lead to big economic and spiritual loss to the user.
The authentication device is a small hardware device with a processor and a memory and can be connected to a computer through a data communication interface. The device has the functions such as key generation, secure key storage and encryption algorithm presetting. The calculation related to the key is performed completely inside the authentication device with the features of anti-attack and high security. Generally the authentication device is connected to the computer via a USB interface.
The authentication device verifies the legitimacy of the user identity by the PIN (Personal Identification Number) code or biometrics such as fingerprint or iris. In the process of verification, the authentication device is connected to the computer and the user enters the PIN code or the biometrics into the computer. The authentication device verifies the PIN code and the biometrics automatically. Only if the PIN code or biometrics is correct, can the user be allowed to use the authentication device. The authentication device has the features of physical anti-attack and high security.
Many information security operations can be performed by the authentication device. The operations include the data interaction (the written data is encrypted or the read data is de encrypted inside the authentication device), the identity authentication information process, the password storage/verification, the signature storage/verification, the certificate storage/verification, the right management and the data calculation by presetting codes etc. The presetting codes include the presetting user software program segment (the user software program segment cannot be read from the authentication device, the data calculation is performed inside the authentication device) and the presetting application interface function of the software protection (the interface function is an interface level function between the authentication device and software developer application) etc.
DRM (Digital Rights Management) is an approach to the protection of multimedia contents (private videos, music or other data and so on) against unauthorized copy and play for the content provider. With the DRM technology, the digital contents is protected by encryption or adding more usage rules, wherein the usage rules are adapted to determine whether the user has the right to play the digital contents. Generally, the usage rules can prevent the contents from being copied or limit the playing count of the contents. Operation system and multimedia middleware are responsible for carrying out these rules.
DRM as an advanced technology for copyright protection is introduced by Microsoft. For example, most of the high definition films of ChinaVnet are protected by DRM. The encrypted films can not be played through Media Player directly. If a user pays the fee for playing the film, the user can obtain a valid license of the film after every click and play the encrypted film. The effect of playing the film is not affected by the encryption.
The working principle of the DRM is that the developer combines a license key seed with a key ID to generate a key via a content package program and sends the same license key seed to the server as well. Afterwards the developer encrypts the contents with the key, and inserts the key ID and the URL that distributes the copyright license into the header of the contents. And then the content package program packs the header of the contents and the encrypted contents into one media file and distributes the media file to the user. When the user starts to use a player, the player requests the media copyright manager to determine whether the media file is permitted to play. Then the media copyright manager begins to search the license of the media contents in the copyright database. If the search is failed, the media copyright manager will request a new license from a copyright license distribution program of the server. The copyright license distribution program will combine the license key seed with the key ID sent from the developer to generate a same key. Then the copyright license distribution program encrypts the key and generates a copyright license as well. The encrypted key and a certificate obtained from the media copyright license service are added into the copyright license. Then the copyright license distribution program signs a signature on the copyright license by the public key of the certificate. Finally, the copyright license distribution program sends the signed copyright license to the media copyright manager of the user's computer. The media copyright manager verified the signature and places the license in the copyright database. The media copyright manager decrypts the license and sends the requested multimedia contents packet to the player.
As can be seen from the working principle of the DRM, the server is quite important in case that the user wants to request a new copyright license. If the user can not access the internet, the user can not get a new copyright license through the internet to open the protected file. That brings inconvenience to the user.